Overview

overview

10

Static

static

OBL.xlsm

windows7_x64

10

OBL.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OBL.xlsm

  • Size

    51KB

  • Sample

    200710-6tl4yxdgts

  • MD5

    701f9328e7a3342f0dfa48698c6c613b

  • SHA1

    6edc2590af618b480f1c40e2eb7931fc731850bd

  • SHA256

    020f81f9c5ff58cce183a45b51770b5fa15486446250d168f492264e71701078

  • SHA512

    c0998664d42b7915f3a9cdbc517662e0625f02b3d4f06f5ec872d7f71674d3392fa36e4cf72424187bbb5902b8f5797f82c81b41b125c90473e2a2664a58c7fa

Score
10/10
spyware

Malware Config

Targets

    • Target

      OBL.xlsm

    • Size

      51KB

    • MD5

      701f9328e7a3342f0dfa48698c6c613b

    • SHA1

      6edc2590af618b480f1c40e2eb7931fc731850bd

    • SHA256

      020f81f9c5ff58cce183a45b51770b5fa15486446250d168f492264e71701078

    • SHA512

      c0998664d42b7915f3a9cdbc517662e0625f02b3d4f06f5ec872d7f71674d3392fa36e4cf72424187bbb5902b8f5797f82c81b41b125c90473e2a2664a58c7fa

    Score
    10/10
    spyware

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks